How to stop unauthorized Dynamic Updates.

Doug Barton DougB at DougBarton.net
Sun Feb 16 21:52:16 UTC 2003


On Sat, 15 Feb 2003, Steven Job wrote:

> My nameserver is getting bombarded with unauthorized dynamic updates.
> All of which are refused but still it's polluting my logs.
> Most of them from Windows 2000 machines always trying to take over the
> world.
>
> To prevent this constant hit of requests I was told to change the MNAME
> field in the SOA record to "localhost" (no trailing dot) and then also
> have an A record for "localhost" (no trailing dot) pointing at
> 127.0.0.1, and the traffic magically stops (coming to you anyway).

Well, you should have a localhost.yourdomain.tld record anyway, so the
second half of that recommendation is totally valid. :)  I can attest to
the efficacy of the "MNAME points to 127.0.0.1" as a solution for the
dynamic updates problem when you have no control over the clients though.
We had the same problem with our customers lovingly assigning their win2k
boxes names in the shiny new domains that they had purchased from us. When
I finally came up with that solution, the name server that was in MNAME
for our customer dns records was getting several times the number of
dynamic updates as it was queries.

To make it totally clear what was happening, I actually made our MNAME
record "no-dynamic-updates.domain.com." and of course, created a
no-dynamic-updates record pointing to 127.0.0.1.

HTH,

Doug

-- 

    "The last time France wanted more evidence, it rolled right
        through Paris with a German flag." - David Letterman
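
An added example, not part of the original post: a check that a zone's SOA MNAME resolves only to a loopback address, which is the setup described in the reply above. The sample zone is constructed, the function names are hypothetical, and the parser is an assumption-laden minimal one that handles only simple master files like the sample.

```python
import ipaddress

# Constructed sample zone, not from the original post; names follow the reply above.
SAMPLE_ZONE = """\
$ORIGIN domain.com.
$TTL 3600
@   IN SOA no-dynamic-updates hostmaster.domain.com. (
        2003021601 3600 900 604800 3600 ) ; serial refresh retry expire minimum
    IN NS  ns1.domain.com.
ns1 IN A   192.0.2.53
localhost          IN A 127.0.0.1
no-dynamic-updates IN A 127.0.0.1
"""

def fqdn(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"

def parse_zone(text, origin):
    """Minimal master-file reader: returns (SOA MNAME, {owner: [A rdata]})."""
    owner, mname, a_records = origin, None, {}
    for raw in text.splitlines():
        tok = raw.split(";", 1)[0].split()       # drop comments, tokenize
        if not tok:
            continue
        if tok[0].startswith("$"):               # $ORIGIN is honoured, $TTL skipped
            if tok[0].upper() == "$ORIGIN":
                origin = tok[1].lower()
            continue
        if not raw[0].isspace():                 # owner name sits in column 0
            owner, tok = fqdn(tok[0], origin), tok[1:]
        types = [t.upper() for t in tok]
        if "SOA" in types:
            mname = fqdn(tok[types.index("SOA") + 1], origin)
        elif "A" in types:
            a_records.setdefault(owner, []).append(tok[types.index("A") + 1])
    return mname, a_records

def update_sink_status(text, origin):
    """Where a client sending dynamic updates to the SOA MNAME ends up."""
    mname, a_records = parse_zone(text, origin)
    addrs = a_records.get(mname, [])
    if not addrs:
        return mname, "mname-has-no-A-record-in-zone"
    if all(ipaddress.ip_address(a).is_loopback for a in addrs):
        return mname, "loopback-sink"
    return mname, "reachable-server"
```

Calling `update_sink_status(SAMPLE_ZONE, "domain.com.")` reports the MNAME and whether update traffic aimed at it would stay on the client's own loopback interface or reach a real server.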


More information about the bind-users mailing list